[Security\Http] Fix handling secure: auto
using the new RememberMeAuthenticator
This commit is contained in:
parent
bbb0a694fb
commit
3fdc15474c
@ -104,6 +104,10 @@ class RememberMeFactory implements SecurityFactoryInterface, AuthenticatorFactor
|
||||
$loader->load('security_authenticator_remember_me.php');
|
||||
}
|
||||
|
||||
if ('auto' === $config['secure']) {
|
||||
$config['secure'] = null;
|
||||
}
|
||||
|
||||
// create remember me handler (which manage the remember-me cookies)
|
||||
$rememberMeHandlerId = 'security.authenticator.remember_me_handler.'.$firewallName;
|
||||
if (isset($config['service']) && isset($config['token_provider'])) {
|
||||
|
@ -19,8 +19,23 @@ class RememberMeCookieTest extends AbstractWebTestCase
|
||||
]);
|
||||
|
||||
$cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
|
||||
$this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
|
||||
}
|
||||
|
||||
$this->assertEquals($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
|
||||
/** @dataProvider getSessionRememberMeSecureCookieFlagAutoHttpsMap */
|
||||
public function testOldSessionRememberMeSecureCookieFlagAuto($https, $expectedSecureFlag)
|
||||
{
|
||||
$client = $this->createClient(['test_case' => 'RememberMeCookie', 'root_config' => 'legacy_config.yml']);
|
||||
|
||||
$client->request('POST', '/login', [
|
||||
'_username' => 'test',
|
||||
'_password' => 'test',
|
||||
], [], [
|
||||
'HTTPS' => (int) $https,
|
||||
]);
|
||||
|
||||
$cookies = $client->getResponse()->headers->getCookies(ResponseHeaderBag::COOKIES_ARRAY);
|
||||
$this->assertSame($expectedSecureFlag, $cookies['']['/']['REMEMBERME']->isSecure());
|
||||
}
|
||||
|
||||
public function getSessionRememberMeSecureCookieFlagAutoHttpsMap()
|
||||
|
@ -2,6 +2,7 @@ imports:
|
||||
- { resource: ./../config/framework.yml }
|
||||
|
||||
security:
|
||||
enable_authenticator_manager: true
|
||||
password_hashers:
|
||||
Symfony\Component\Security\Core\User\InMemoryUser: plaintext
|
||||
|
||||
@ -22,4 +23,3 @@ security:
|
||||
secret: key
|
||||
secure: auto
|
||||
logout: ~
|
||||
anonymous: ~
|
||||
|
@ -0,0 +1,25 @@
|
||||
imports:
|
||||
- { resource: ./../config/framework.yml }
|
||||
|
||||
security:
|
||||
password_hashers:
|
||||
Symfony\Component\Security\Core\User\InMemoryUser: plaintext
|
||||
|
||||
providers:
|
||||
in_memory:
|
||||
memory:
|
||||
users:
|
||||
test: { password: test, roles: [ROLE_USER] }
|
||||
|
||||
firewalls:
|
||||
default:
|
||||
form_login:
|
||||
check_path: login
|
||||
remember_me: true
|
||||
require_previous_session: false
|
||||
remember_me:
|
||||
always_remember_me: true
|
||||
secret: key
|
||||
secure: auto
|
||||
logout: ~
|
||||
anonymous: ~
|
Reference in New Issue
Block a user